Skip to main content Skip to footer
PMO

Comprehensive guide to risk management

Get started

When you were little, did your parents ever use the old line: “If all your friends jumped off a bridge, would you jump too?”

Ours did. Now that we’re grown-ups, though, we don’t find that question as clear-cut as it used to be.

If everyone you know is jumping off a bridge, they probably have a good reason.

Jumping off bridges can be fun. There’s even a whole sport built around it — it’s called BASE jumping.

Or maybe the bridge is about to collapse.

Or maybe it’s only five feet above the water.

The point is, jumping off a bridge can be safe and even beneficial — it all depends on whether the benefits outweigh the risks.

You may have heard about risk management before. You may have even heard about it as a career.

But we promise: you haven’t heard everything.

Welcome to staging-mondaycomblog.kinsta.cloud’s ultimate guide to risk management, where you’ll learn to define risk, classify it, and control it.

What is risk in risk management?

Most people talk about “risk” in general terms.

It’s the chance that something bad might happen.

It’s a possible drawback of something otherwise beneficial.

It’s a board game with little army men.

In business, the word “risk” means something much more specific: it’s the probability that the actual return on any investment will be different than the forecasted return.

That can be any kind of investment — money, time, talent, equipment, or information.

Risk and reward are inseparable concepts in the corporate world. Typically, actions that involve greater risks will also involve greater rewards. But this isn’t always true.

Every investment will fall into 1 of 3 categories.

  1. The greatest possible risk is less than the smallest possible reward. You should make this investment.
  2. The smallest possible risk is greater than the greatest possible reward. You should not make this investment.
  3. The potential risks and rewards overlap.

You guessed it — most investments are in category 3.

That’s why risk management is a thing. It comes into play whenever an investment’s rewards justify its risks.

One more thing before we move on. Risk is not the same as uncertainty.

Uncertainty is a lack of information. — you don’t know what you don’t know. By contrast, risk is information: the calculated probability of an undesirable outcome.

You should try to reduce uncertainty as much as possible, but you can’t always reduce risk.

Get started with staging-mondaycomblog.kinsta.cloud

What are the 4 types of risk?

Risk management is about maximizing the ratio of reward to risk as much as possible.

A risk manager eliminates risks when they can, and mitigates them when they can’t be eliminated.

The first step in risk management is to define potential risks. This is called a risk assessment.

The vast majority of risks fit 1 of 4 categories: operational risk, economic risk, strategic risk, or compliance risk.

During this phase, it’s a good idea to have software where you can present that data clearly. We built several staging-mondaycomblog.kinsta.cloud templates for just such an occasion.

Let’s take a look.

1. Operational risk

Operational risk is the risk that returns will be different than expected because of something inherent to the investor themselves.

If the investor is a company, that means something about the company’s processes failed to measure up.

We’ll illustrate it with an example.

Let’s say you’re the producer for a blockbuster summer movie called Captain Superhero 2.

The first Captain Superhero movie made $100 million. You tell the production company for the sequel that you’re confident it can make $150 million.

But then you hire a director who has only made small independent films. He’s immediately in over his head.

You both clash over the script, and it’s still being rewritten when the actors arrive on set.

Soon the whole shoot is weeks behind schedule.

Fan excitement for Captain Superhero 2 is at a fever pitch, but when the movie finally comes out, it’s a mess. In the end, it only makes $75 million, half of your original projection.

To understand operational risk, remember that Captain Superhero 2 was perfectly capable of meeting its projections. Customer demand was there.

All the problems came from inside the house.

In this example, the production company failed to manage operational risk.

Operational risk is the easiest kind of risk to control for. It’s like that old song: “I’m starting with the man in the mirror…”

If the film company had hired a risk manager, they could have quantified the potential losses from their substandard operating procedures.

Then they could have made internal changes to minimize that risk as much as possible.

A legible, universal project management plan is one of the best defenses against operational risk.

staging-mondaycomblog.kinsta.cloud project management plan

Using a template like this one from staging-mondaycomblog.kinsta.cloud, you can track delays, monitor blockages, and get things unstuck as quickly as possible.

2. Economic risk

Economic risk is the chance that an investment will produce different-than-expected returns because of external economic circumstances.

Economic risk is frightening to a lot of people. The idea of losing everything in a crash is a special kind of scary.

However, while you can’t control for economic risk as well as you can for operational risk, there are still things you can do.

Let’s go back to our movie studio example.

Despite the poor box office for Captain Superhero 2, research indicates there’s a market for a third movie. There’s even a killer screenplay ready to go.

There’s one catch: it requires shooting on location in Faroffistan.

Just as production is ready to go, a military coup topples the Faroffistani government. The project is delayed by a month while you work out a deal with the new regime.

This loss wasn’t due to an internal process. You got everything right this time, but you couldn’t have planned for political instability.

In the same way, it’s hard to plan for a collapse in the stock market.

Or a change in federal interest rates that increases the debt burden on your firm.

These are risks that you can’t eliminate, but can mitigate.

More on the difference later. For now, we’ll share the best staging-mondaycomblog.kinsta.cloud template for managing economic risk: the budget tracker.

staging-mondaycomblog.kinsta.cloud budget tracker

Conscientious budgeting is the best way to hedge against economic risk.

Just like a household, if a business has savings to draw on, it can weather almost any rainy day.

3. Strategic risk

Strategic risk is the quantified change that an investment will underperform because of a change in the investor’s competitive landscape.

Unlike operational risk and economic risk, nothing has gone “wrong” here.

On the contrary: strategic risk represents the market working exactly as intended.

Customers vote with their money to approve or disapprove of a product.

Imagine that even though it’s clearly cursed, your franchise is about to get a new installment: Captain Superhero Returns.

You’ve done everything right this time. Solid financials. Shooting domestically. A perfect team.

And on opening weekend…you get clobbered.

Unfortunately, the next movie in the Commander Heroine series came out on the same weekend, and it did much better than yours.

Is this a risk the studio could have planned for?

Yes and no.

You can’t control what products other people are working on. In today’s business landscape, you may not even know what they’re working on.

But you can control how you relate to your market.

If the studio had cultivated a closer relationship with their audience, they might have learned that Commander Heroine series has a lot more of the things moviegoers are looking for and adjusted accordingly.

Software like the staging-mondaycomblog.kinsta.cloud software requirements specification template shows the value of engaging with your stakeholders and tracking what you learn.

software requirements specification template from staging-mondaycomblog.kinsta.cloud

With all the information in one place, you and your project team can get a clear picture of what the market wants.

4. Compliance risk

Compliance risk is the risk that an investment will turn out differently than forecasted because of the actions of the government.

An investor can incur compliance risk due to changes in laws or new informal regulations.

It can also come from internal processes not being strictly legal.

Compliance risk is a paradox. In some ways, it’s the easiest to predict. In others, it’s the hardest to plan for.

Let’s return to Captain Superhero one more time.

Years have passed, and the studio has decided the world is ready for the gritty reboot that will resurrect the franchise: The Captain.

The shoot went off without a hitch, and as always, anticipation is high.

Then, a week before opening, the President hears an impassioned plea from a film critic. The next day, he issues an executive order: the FCC will investigate any film company that releases a franchise reboot.

Now, this time, the example is a little implausible.

You’re much more likely to incur compliance risk from antitrust laws or environmental regulations.

But it does illustrate the best ways to reduce compliance risk in order to gain potential rewards.

You can’t predict changes in policy, but you can understand existing regulations.

A company’s legal department should be able to determine whether any of its actions risk civil or criminal prosecution.

You can track these compliance tasks with a legal case management template from staging-mondaycomblog.kinsta.cloud.

legal case management template from staging-mondaycomblog.kinsta.cloud

In our example, the film studio hasn’t broken any laws.

The executives might decide that the risk of the investigation — which can be mitigated by ensuring compliance with all laws on the books — is worth the reward in ticket sales.

By knowing the current regulatory environment, you can also forecast what might happen in the future.

As with economic risk, the best way to manage compliance risk is to plan ahead.

Get started

What are the 4 ways to manage risk?

Now, we know we’ve been plugging staging-mondaycomblog.kinsta.cloud pretty hard.

But in our defense, we built it, so we know it’s awesome.

And it just so happens we’ve got a template specifically for the risk management process: our program risk register.

staging-mondaycomblog.kinsta.cloud program risk register

This template lets risk managers understand a wide range of risks in incredible detail. By adding custom columns, you can record and track any amount of risk data.

Once you’ve got a central dashboard for your risk management plan, it’s time to start considering solutions.

In the prior sections, we touched on some methods for managing risk when discussing our hypothetical scenarios.

Now, we’ll drill down into the 4 most common methods of risk management.

1. Avoid the risk

Risk avoidance is simple: stop the behavior that will put you on a collision course with the risk.

In our examples above, poor internal processes caused an investment to underperform due to operational risk.

To avoid this risk, the company could address the shortfalls in their processes before committing to the investment.

Risk avoidance can also be practiced when the flaws come from outside your company.

For example, if you know that certain vendors or subcontractors have a history of late deliveries, you can choose to avoid them, saving you from delays.

Using staging-mondaycomblog.kinsta.cloud, you can keep a list of subcontractors that’s easy to peruse, letting you make the decision with complete information.

list of subcontractors template from staging-mondaycomblog.kinsta.cloud

Compliance is another form of risk avoidance.

By knowing the regulations in your city, state, and country of operation, and ensuring you always meet them, you avoid legal risk.

Don’t forget that risk and reward are linked. Avoiding too much risk can also minimize your rewards.

A common example here is the financial risk of investing in securities. US treasury bonds are a far safer investment than stocks in, say, whatever company produces the Captain Superhero movies.

But treasury bonds only grow so fast. The riskier bet can potentially make a lot more money.

In the end, it’s just a more complicated version of sports betting.

With all that said, it’s almost impossible to avoid all risk.

That’s where the other three strategies come into play.

2. Mitigate the risk

Risk mitigation means taking actions to lessen the impact of the risk if there is a bad outcome.

(You might hear all of these strategies referred to as risk mitigation, while this specific strategy is called risk reduction or harm reduction).

To mitigate a risk, a risk manager first conducts a risk analysis to see if the risk can be avoided altogether.

If it can’t — or if avoiding it would diminish returns to an unacceptable level — they develop a risk management strategy that accepts the possibility of the worst outcome happening.

This strategy often involves reducing the risk as much as possible, even if it can’t be eliminated completely.

You can’t control the threat posed by inclement weather to your company’s supply lines.

But you can adopt fleet management processes that discourage your drivers from taking unnecessary risks to stay on schedule.

Suddenly, a potentially disastrous risk — the loss of both a driver and their cargo — has become a much less severe risk of losing money due to delays.

You can bet that after 2020, no business will launch without a plan for how to survive a pandemic.

Corporate offices, for example, will make plans for how to switch their workforces on a dime to working from home.

What’s the best way to ensure that switch won’t lead to costly delays?

Get your team familiar with the technology that powers working from home before they need to use it.

A work plan template from staging-mondaycomblog.kinsta.cloud is a great place to start.

work plan template from staging-mondaycomblog.kinsta.cloud

3. Share the risk

In risk sharing, an individual or company designates another entity to bear some of the responsibility for a risk.

The most common form of risk transfer is insurance.

When you sign up for an insurance policy, you’re accepting that something bad might happen to you, your family, or your property. That risk can’t be completely avoided.

But if something bad does happen, you won’t suffer all the consequences.

If your car gets totaled, your car insurance company spends a lot of money so you don’t have to.

In effect, the financial risk you incur by driving is now a risk to them.

Many other prominent forms of risk sharing are managed by the government.

In the 1930s, the Great Depression spiraled out of control when destitute financial institutions were unable to return funds to the people who had deposited them.

The United States government responded by establishing the Federal Deposit Insurance Corporation (FDIC). The FDIC provides government funds to ensure bank customers will always be able to withdraw their money.

Since the government is funded by taxes, the FDIC effectively takes a risk to some taxpayers and shares it evenly between all taxpayers.

Everyone pays a little, so nobody is ruined.

Risk sharing can be as simple as having friends take care of you when you’re sick, or as complicated as establishing a new government agency.

Your company’s strategy will probably wind up somewhere in between.

Whatever you do, make sure to note down your strategies in your project charter, so it’s accepted practice to rely on them.

See how the staging-mondaycomblog.kinsta.cloud project planning template can help with that.

project charter template

4. Absorb the impact

Risk absorption, also called risk acceptance, involves acknowledging that a risk cannot be avoided or mitigated.

Risk absorption is often misunderstood. It’s not just sitting back and doing nothing.

Instead, true risk absorption involves actively planning to handle the impact of the worst outcome.

It is true that companies who don’t employ risk management strategies will pick this option by default.

Then, when they suffer losses, they’ll have to scramble to recoup them as best they can.

However, if your risk analysis does determine that you face an unavoidable risk, you don’t have to just wait to take the hit.

Let’s say your enterprise risk management team has discovered that your latest project faces a strategic risk.

You’re working in a space where a new competitor has a chance of leapfrogging you.

You could respond by diversifying your offerings. That way, if you lose business in one area, you can make up for it in others.

Another option is to stake out a part of the space where you can’t be assailed — an industrial fortress as it were.

When Apple’s technology caught up to Microsoft’s, plenty of customers decided that Apple made the better product.

But because Microsoft had been established for longer, they supported more software. They were able to use their inherent assets to absorb the risk.

We mentioned the staging-mondaycomblog.kinsta.cloud budget tracker template before, but did you know you can also use it to plan a risk absorption strategy?

If you know what unavoidable, unmitigatable risks you might face, you can budget for them ahead of time.

With a budget for incidentals set aside, you’re prepared to absorb risks you don’t even know about yet.

Conclusion

In a way, everybody in business is a risk manager to some degree.

Every decision involves balancing potential gain against risk.

You have to make value judgments about whether risk in one area is worth reward in another.

Or whether a certain gamble is worth it.

There is such a thing as a career in professional risk management. Your job will involve risk identification, risk analysis, and devising strategies to avoid, mitigate, share, or absorb risks.

But whether you’re a career risk manager or just a decision-maker — which we all are — it’s easier with staging-mondaycomblog.kinsta.cloud.

Check out our list of customizable templates today, and pick the right one to launch your risk management strategy.

Get started

Get started